New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test duplicate fields in Mango selector #998

Merged
merged 1 commit into from Nov 23, 2017

Conversation

Projects
None yet
2 participants
@willholley
Member

willholley commented Nov 16, 2017

Overview

Adds a test to verify the behaviour of duplicate fields in a Mango selector.

The fix for CVE-2017-12635 (#936) resulted in CouchDB's JSON parser only recognising the last instance of duplicated fields in a JSON object. This represents a breaking change to Mango (_find)
because, previuously, all instances would have been considered when evaluating a selector.

This test verifies that Mango now only considers the last instance of a field, silently ignoring
those that appear before it.

TBD whether we can or should show an error when this occurs, since this leads to predicates
silently being ignored.

Testing recommendations

Run the Mango test suite.

Related Issues or Pull Requests

#936

Checklist

  • Code is written and works correctly;
  • Changes are covered by tests;
  • Documentation reflects the changes;
@eiri

eiri approved these changes Nov 20, 2017

Test duplicate fields in Mango selector
Adds a test to verify the behaviour of duplicate
fields in a Mango selector.

The fix for CVE-2017-12635 resulted in CouchDB's
JSON parser only recognising the last instance
of duplicated fields in a JSON object. This
represents a breaking change to Mango (_find)
because, previuously, all instances would have
been considered when evaluating a selector.

This test verifies that Mango now only considers
the last instance of a field, silently ignoring
those that appear before it.

TBD whether we can or should show an error when
this occurs, since this leads to predicates
silently being ignored.

@willholley willholley merged commit a406cc0 into apache:master Nov 23, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@willholley willholley deleted the willholley:mango_test_duplicated_selector_fields branch Nov 23, 2017

willholley added a commit to willholley/couchdb that referenced this pull request May 22, 2018

Test duplicate fields in Mango selector (apache#998)
Adds a test to verify the behaviour of duplicate
fields in a Mango selector.

The fix for CVE-2017-12635 resulted in CouchDB's
JSON parser only recognising the last instance
of duplicated fields in a JSON object. This
represents a breaking change to Mango (_find)
because, previuously, all instances would have
been considered when evaluating a selector.

This test verifies that Mango now only considers
the last instance of a field, silently ignoring
those that appear before it.

TBD whether we can or should show an error when
this occurs, since this leads to predicates
silently being ignored.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment